ClawHub

来了

v1.0.0

Use the ClawHub CLI to search, install, update, and publish agent skills from clawhub.com. Use when you need to fetch new skills on the fly, sync installed s...

0· 73·0 current·0 all-time
by@lice2021·duplicate of @vassiliylakhonin/vassili-clawhub-cli
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirements: the skill needs the 'clawhub' CLI and the install spec installs the npm 'clawhub' package. There are no unrelated binaries, env vars, or config paths requested.
Instruction Scope
SKILL.md instructs the agent to run clawhub commands (search, install, update, publish) and suggests npm -g install. These commands legitimately operate on local skill folders and the OpenClaw workspace. Note: publishing and installing will read and write local skill directories and can transfer code to/from the registry, so the agent will have the ability to fetch and install arbitrary skill packages from the registry and to publish local folders (avoid exposing secrets in those folders).
Install Mechanism
Install uses the public npm package 'clawhub' (npm i -g clawhub). This is an expected mechanism but carries the usual npm risks: the package maintainer controls the code that runs on install and when the CLI is invoked. Global install modifies the environment (PATH) and may require elevated permissions on some systems.
Credentials
No required environment variables or credentials are declared. The docs mention optional overrides (CLAWHUB_REGISTRY, CLAWHUB_WORKDIR) which are reasonable and not required. The skill does involve logging into the ClawHub registry (clawhub login) when publishing, which is expected behavior.
Persistence & Privilege
always: false and no special privileges are requested. The skill's install step creates a global CLI binary (normal for a CLI helper). Note: the agent can invoke this skill autonomously by default (platform default); if you do not want the agent to auto-install or update packages, restrict autonomous invocation or require explicit user actions.
Assessment
This skill is a simple wrapper for the ClawHub CLI and is coherent with its description, but it carries the normal risks of installing and running third-party CLI software. Before installing: 1) Verify the npm 'clawhub' package source and maintainer reputation. 2) Be aware that npm i -g will install code that can run on your system and may require elevated permissions. 3) When publishing, do not include secrets or unrelated files in the skill folder. 4) If you don’t want the agent to autonomously install or update packages, restrict autonomous invocation or run clawhub commands manually in a controlled environment (e.g., a sandbox or CI job).

Like a lobster shell, security has layers — review code before you run it.

latestvk9731qezd1t55bw1nz4czwc8tn83rmny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsclawhub

Install

Install ClawHub CLI (npm)
Bins: clawhub
npm i -g clawhub

Comments